Gmail archiving program is actually spyware

Mon Mar 17, 2008 11:38AM EDT

See Comments (10)

If you've used the G-Archiver program to back up your Gmail (aka Google Mail) email, you've got a headache on your hands. The program has been revealed to be a malicious spyware app that emails your Gmail username and password to a secret Gmail account.

This revelation is especially troubling because most Gmail users use a single Google account to access a wide range of services. Those with AdSense accounts or Google Checkout accounts could face severe financial losses if their Gmail password were to fall into the wrong hands.

G-Archiver is wholly unaffiliated with Google or Gmail and is the product of an independent developer. The revelation that G-Archiver was spyware emerged last week courtesy of programmer Dustin Brooks, who analyzed the source code to find a crude spyware system inside, complete with the name and password of the account to which G-Archiver sends all its victims' account information. He accessed that account and found thousands of records of usernames and passwords inside, including, of course, his own. (Brooks also deleted all those records and changed the password on the account by way of vigilante justice. Good man!)

Meanwhile, in what has to be the least credible excuse/explanation ever, G-Archiver has posted a notice on its website that the program was not spyware but rather that "a member of our development team had inserted coding used for testing G-Archiver in the debug version and forgot to delete it in the final release version." Uh, right...

G-Archiver's solution, however, is correct: If you have ever installed the program you should uninstall it and change your Google account password immediately. G-Archiver is so new that it probably will not show up in scans from most anti-spyware products yet.

As well, I probably needn't bother telling you that I don't recommend installing the upcoming new version of G-Archiver when it is released, even if the "flaw" is "corrected." Same goes for other sketchy third-party applications that promise to download messages from any webmail service... provided you give them your name and password. Not all are spyware, to be sure, but you should still tread lightly in this area.

Comments on Gmail archiving program is actually spyware

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 1 Posted by mzw986 on Thu Sep 3, 2009 7:32PM EDT Report Abuse

    The best way to archive a Gmail account is through POP access and a *reputable* POP email program. Simply set your Gmail to Enable POP for all mail (even mail that's already been downloaded), under Settings. Then download your mail into the POP email program you have and voila, instant back up!

  • 2 Posted by aviasphere on Thu Sep 3, 2009 2:59PM EDT Report Abuse

    Google is so cotton pickin' evil it has ceased to be funny!!!!

  • 3 Posted by m_knopp on Thu Sep 3, 2009 7:32PM EDT Report Abuse

    aviasphere, what does this article have to do with Google? Some company wholly unrelated to Google scammed a bunch of people into giving out their usernames and passwords (should have been an automatic red flag) for Google mail. So while you might not like Google, this article does nothing to support your hatred, and your comments in a column such as this only serves to undermine your credibility on the subject. Just food for thought.

  • 4 Posted by agustin2489 on Thu Sep 3, 2009 2:47PM EDT Report Abuse

    I find it a tad bit odd that there are archiver programs for Gmail. The size of the inbox is essentially enough that you can archive everything you want there.

  • 5 Posted by rogueist on Thu Sep 3, 2009 8:49PM EDT Report Abuse

    Not new at all. This news is at least 3 years old to us in the security business. It just looks like finally someone paid attention to it.

More Posts: First Prev 1 2 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.